WordPress Plugin Vulnerabilities

Product Carousel Slider & Grid Ultimate for WooCommerce < 1.9.8 - Authenticated(Contributor+) PHP Object Injection

Description

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Affects Plugins

Plugin icon
woo-product-carousel-slider-and-grid-ultimate
Fixed in 1.9.8

References

CVE
CVE-2024-1950
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8636bf-229a-42a5-a19c-332679613dd2

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
58952650-7435-481e-97e3-8ce5b89d38f5

Timeline

Publicly Published
2024-03-05 (about 2 years ago)
Added
2024-03-05 (about 2 years ago)
Last Updated
2024-03-05 (about 2 years ago)

Other

Published
Title
Published
2025-08-13
Title
Eventin < 4.0.32 - Authenticated (Contributor+) PHP Object Injection
Published
2025-09-02
Title
Fluent Forms 5.1.16 - 6.1.0 - Subscriber+ PHP Object Injection To Arbitrary File Read
Published
2025-03-28
Title
Sunshine Photo Cart < 3.4.11 - Unauthenticated PHP Object Injection
Published
2025-01-03
Title
ARPrice < 4.2 - Subscriber+ PHP Object Injection
Published
2024-01-24
Title
Better Search Replace < 1.4.5 - Unauthenticated PHP Object Injection